Re: Copy files between Active/Standby Failover Units. Cisco ASA 5508-x

eford · ‎05-10-2017

Hi Guys::

I am in US and Units are in India. I need to copy

anyconnect-win-3.1.14018-k9.pkg
asdm-762-150.bin

that is on the Primary Unit to the Standby unit.

Is there a way to copy from Primary to Secondary from CIi?

I copied the files from the Primary using ASDM but cannot connect to the secondary using ASDM.

Is there a way to use TFTP between the units, since they can ping each other?

I can only think about having someone in India plug a wire from a server to the VLAN that is handling failover and add another IP to the server so it can communicate with the secondary ASA... is there an easier way that I am missing?

Help would be appreciated

Thank You

Spooster IT Services · ‎05-11-2017

Hi eford@haartz.com,

No, you cannot copy files directly between the two ASA's. You need to first move the file from one ASA to another location and next from that location to the other ASA.

But, not directly between the ASA's

For ASDM access of secondary, you can configure port redirection on primary ASA.

Sr Network Engineer
Freelancer

bmillar · ‎06-08-2017

You can try this:

Make sure 'ssh copy enable' is on, and that ssh for that ip/subnet is enabled.

then scp from one ASA to the other

ASA# copy /noconfirm asa917-12-smp-k8.bin scp://username:password@IP_Addr/asa917-12-smp-k8.bin

I don't like having to put the password in clear text on the command line, but it doesn't seem to prompt interactively for a password. (even if I don't use /noconfirm)

Brian

tholmes@cistek-sol.com · ‎01-29-2018

Much thanks - worked a treat and dub me out of a hole without flipping the ASAs over, cheers Tony

Joshua Schroth · ‎02-06-2018

I know this is an old post, but wanted to confirm that this does work. Extremely helpful for certain situations. Thank you bmillar!

xorty · ‎03-06-2019

Thanks man.